Asee peer logo

A Capstone Project: Designing an IoT Threat Modeling to Prevent Cyber-attacks

Download Paper |

Conference

2021 Fall ASEE Middle Atlantic Section Meeting

Location

Virtually Hosted by the section

Publication Date

November 12, 2021

Start Date

November 12, 2021

End Date

November 13, 2021

Page Count

24

Permanent URL

https://peer.asee.org/38418

Download Count

316

Request a correction

Paper Authors

biography

Otily Toutsop Morgan State University

visit author page

Otily Toutsop is a Ph.D. student with a concentration on secure embedded systems in the Electrical and Computer Engineering department at Morgan State University. She is also affiliated with the Cybersecurity Assurance and Policy (CAP) center. She received her bachelor’s degree in Computer Science. Her research interests focus on IoT Security, machine learning, artificial intelligence, cyber-physical system, software security, home automation systems, and networking security. Her work has been published in several conferences, including the IEEE Computer Science, IEEE Applied Imagery Pattern Recognition Workshop (AIPR), IEEE International Conference on Internet of Things: Systems, Management and Security (IoTSMS), IEEE Future Internet of Things and Cloud (FiCloud), IEEE International Conference on Smart Innovations (SCI).

visit author page

biography

Rachida Satio Constance Kone Morgan State University

visit author page

Rachida is a PhD candidate in embedded systems at Morgan State University. After earning a Master's degree in electrical and energy engineering, Rachida worked as a Software Engineer before joining the PhD program at Morgan State University. As a project supervisor at the Cybersecurity Assurance and Policy (CAP) center, her research focuses on artificial intelligence, Internet of Things (IoT) and autonomous navigation.

visit author page

biography

ketchiozo wandji

visit author page

With over 15 years of academic research and teaching, private industry, and government experience, Dr. Ketchiozo Thierry Wandji is an expert in cybersecurity risk management and software security. Dr. Wandji used to be the Software Security Technical Lead in the Systems Security Division of the US Navy’s Naval Air Warfare Center Aircraft Division (NAVAIR) and the Cybersecurity Technical Expert in the Cyber Warfare Detachment, Dr. Wandji’s duties at NAVAIR included assessing software security throughout the software development lifecycle; planning, developing, and coordinating high-impact research projects on cyber defensive technologies; overseeing the development of innovative cyber technologies; providing policy guidance and standards as well as workforce development for software security; and integrating these standards into the acquisition process to ensure that systems are both reliable and highly-resilient to cyberattacks. Currently, Dr. Wandji advances education in the field as an Associate Director for the Cybersecurity Assurance and Policy (CAP) Center and an Associate Professor at Morgan State University where he currently teaches cybersecurity, oversees cybersecurity research studies, and designs cybersecurity curriculum. He has played an integral role in the design and implementation of cybersecurity virtual labs (cyber range) for students to have a hands-on cybersecurity experience. Likewise, Dr. Wandji helped put together a comprehensive program of cybersecurity workforce development for the Department of the Navy which helped many engineers to become cybersecurity experts.

visit author page

biography

kevin kornegay Morgan State University

visit author page

Kevin T. Kornegay received the B.S. degree in electrical engineering from Pratt Institute, Brooklyn, NY, in 1985 and the M.S. and Ph.D. degrees in electrical engineering from the University of California at Berkeley in 1990 and 1992, respectively. He is currently the IoT Security Professor and Director of the Cybersecurity Assurance and Policy (CAP) Center for Academic Excellence in the Electrical and Computer Engineering Department at Morgan State University in Baltimore, MD. His research interests include hardware assurance, reverse engineering, secure embedded systems, and smart home/building security. Dr. Kornegay serves or has served on the technical program committees of several international conferences, including the IEEE Symposium on Hardware Oriented Security and Trust (HOST), IEEE Secure Development Conference (SECDEV), USENIX Security 2020, the IEEE Physical Assurance and Inspection of Electronics (PAINE), and the ACM Great Lakes Symposium on VLSI (GLSVLSI). He serves on the State of Maryland Cybersecurity Council and the National Academy of Sciences Intelligence Community Science Board Cybersecurity Committee. He is the recipient of numerous awards, including He is the recipient of multiple awards, including the NSF CAREER Award, IBM Faculty Partnership Award, National Semiconductor Faculty Development Award, and the General Motors Faculty Fellowship Award. He is currently a senior member of the IEEE and a member of Eta Kappa Nu and Tau Beta Pi engineering honor societies.

visit author page

biography

Caroline Kinyanjui Morgan State University

visit author page

Caroline Kinyanjui is a Ph.D. student with a concentration in secure embedded systems in the Electrical and Computer Engineering Department at Morgan State University. She holds a B.S. in electrical engineering in the same department. She is affiliated with the Cybersecurity Assurance and Policy (CAP) Center in the same institute. Her research interest includes security and privacy in Internet of Things (IoTs), Machine Learning, Cyber Security and Data Privacy.

visit author page

biography

Vinton Amsley Morris

visit author page

Vinton received his bachelor's and master's degree in Information Systems from the University of Maryland Baltimore County. He is currently pursuing a Ph.D. in Secure Embedded Systems in the Department of Electrical and Computer Engineering (ECE) at Morgan State University. He is currently conducting research in the Cybersecurity Assurance and Policy (CAP) Center and the Center for Reverse Engineering and Assured Microelectronics (CREAM) Lab with a research focus on network and IoT device security. Additional research interest includes machine learning applications, artificial intelligence, and privacy.

visit author page

author page

Jay Jemal

biography

Javaun Rose Morgan State University

visit author page

Electrical Engineering undergraduate student with a concentration in cybersecurity at Morgan State University.

visit author page

Download Paper |

Abstract

The NTT (Nippon Telegraph and Telephone) Data Corporation report found that 80% of U.S. consumers are concerned about their smart home data security. The Internet of Things (IoT) technology brings many benefits to people's homes, and more people across the world are heavily dependent on the technology and its devices. However, many IoT devices are deployed without considering security, increasing the number of attack vectors available to attackers. Numerous Internet of Things devices lacking security features have been compromised by attackers, resulting in many security incidents. Attackers can infiltrate these smart home devices and control the home via turning off the lights, controlling the alarm systems, and unlocking the smart locks, to name a few. Attackers have also been able to access the smart home network, leading to data exfiltration. There are many threats that smart homes face, such as the Man-in-the-Middle (MIM) attacks, data and identity theft, and Denial of Service (DoS) attacks. The hardware vulnerabilities often targeted by attackers are SPI, UART, JTAG, USB, etc. Therefore, to enhance the security of the smart devices used in our daily lives, threat modeling should be implemented early on in developing any given system. This past Spring semester, Morgan State University launched a (senior) capstone project targeting undergraduate (electrical) engineering students who were thus allowed to research with the Cybersecurity Assurance and Policy (CAP) center for four months. The primary purpose of the capstone was to help students further develop both hardware and software skills while researching. For this project, the students mainly focused on the Arduino Mega Board. Some of the expected outcomes for this capstone project include: 1) understanding the physical board components, 2) learning how to attack the board through the STRIDE technique, 3) generating a Data Flow Diagram (DFD) of the system using the Microsoft threat modeling tool, 4) understanding the attack patterns, and 5) generating the threat based on the user's input. To prevent future threats and attacks from taking advantage of systems vulnerabilities, the practice of "threat modeling" is implemented. This method allows the analysis of potential attackers, including their goals and techniques, while also providing solutions and mitigation strategies. Although Threat modeling can be performed throughout the development of a system, implementing it during developmental stages will prevent further problems in the future. Threat Modeling is crucial because it will help identify any potential threat before it propagates in the system. Identifying threats and providing countermeasures will save both time and money while also keeping the consumers safe. As a result, students must grow to understand how essential detecting and preventing attacks are to protect consumer information systems and networks. At the end of this capstone project, students should take away hands-on skills in cyber defense.

Toutsop, O., & Kone, R. S. C., & wandji, K., & kornegay, K., & Kinyanjui, C., & Morris, V. A., & Jemal, J., & Rose, J. (2021, November), A Capstone Project: Designing an IoT Threat Modeling to Prevent Cyber-attacks Paper presented at 2021 Fall ASEE Middle Atlantic Section Meeting, Virtually Hosted by the section. https://peer.asee.org/38418

ASEE holds the copyright on this document. It may be read by the public free of charge. Authors may archive their work on personal websites or in institutional repositories with the following citation: © 2021 American Society for Engineering Education. Other scholars may excerpt or quote from these materials with the same citation. When excerpting or quoting from Conference Proceedings, authors should, in addition to noting the ASEE copyright, list all the original authors and their institutions and name the host city of the conference. - Last updated April 1, 2015